Browsers stop working
Dakann
Suspended due to non-functional email address
19 February 2009 @ 16:39
So, the browsers suddenly stop working. For example, if I'm on YouTube and click a video to watch it, the browser just keeps loading the page. The problem only goes away after a restart. Other internet traffic works normally.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:30:40, on 19.2.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
D:\Program Files\Steam\Steam.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [recinfo1] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs:
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate1c98c6925f043cf) (gupdate1c98c6925f043cf) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hamachi Service (HamachiService) - LogMeIn Inc. - C:\Program Files\Hamachi\hamachi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 10737 bytes
Hujo
Suspended permanently
19 February 2009 @ 19:59
Scan with HJT, check these entries and press Fix checked:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O20 - AppInit_DLLs:

==============

Download Malwarebytes' Anti-Malware to your desktop.

1. Double-click mbam-setup.exe and follow the instructions to install the program.
2. At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, the program will download and install the latest version.
4. Once the program has loaded, select Perform full scan and click Scan.
5. When the scan is complete, click OK and then Show Results to see the results.
6. Make sure everything is checked and click Remove Selected.
7. After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
8. Post the contents of the log in your next message.


Can a computer ever work?
Dakann
Suspended due to non-functional email address
19 February 2009 @ 22:05
Malwarebytes' Anti-Malware 1.34
Tietokantaversio: 1778
Windows 6.0.6001 Service Pack 1

19.2.2009 21:52:04
mbam-log-2009-02-19 (21-51-52).txt

Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
Tarkistetut kohteet: 343142
Kulunut aika: 1 hour(s), 27 minute(s), 56 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 1
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty)
Hujo
Suspended permanently
19 February 2009 @ 22:34
1. Download Combofix.exe to your desktop from one of these links:
Combofix1
Combofix2

Do not install the Recovery Console.
2. Double-click the Combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log. Post this log in your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.


Can a computer ever work?
Dakann
Suspended due to non-functional email address
20 February 2009 @ 14:13
ComboFix 09-02-19.01 - scaleo 2009-02-20 13:55:10.1 - NTFSx86
Microsoft® Windows Vista? Home Premium 6.0.6001.1.1252.1.1035.18.2047.1234 [GMT 2:00]
Sijainti: c:\users\scaleo\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 090214-0] *On-access scanning enabled* (Updated)
FW: ZoneAlarm Firewall *enabled*
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-01-20 to 2009-02-20 )))))))))))))))))
.

2009-02-19 20:20 . 2009-02-19 20:20 <KANSIO> d-------- c:\users\scaleo\AppData\Roaming\Malwarebytes
2009-02-19 20:20 . 2009-02-19 20:20 <KANSIO> d-------- c:\users\All Users\Malwarebytes
2009-02-19 20:20 . 2009-02-19 20:20 <KANSIO> d-------- c:\programdata\Malwarebytes
2009-02-19 20:20 . 2009-02-19 20:20 <KANSIO> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-19 20:20 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-19 20:20 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-19 16:57 . 2009-02-19 16:57 <KANSIO> d-------- c:\users\All Users\ATI
2009-02-19 16:57 . 2009-02-19 16:57 <KANSIO> d-------- c:\programdata\ATI
2009-02-16 15:55 . 2008-12-05 06:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-16 15:55 . 2008-12-05 06:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-16 15:55 . 2008-12-05 06:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-16 15:55 . 2008-12-05 06:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-16 15:55 . 2008-12-05 06:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-15 10:59 . 2009-02-15 10:59 <KANSIO> d-------- c:\users\All Users\WindowsSearch
2009-02-15 10:59 . 2009-02-15 10:59 <KANSIO> d-------- c:\programdata\WindowsSearch
2009-02-14 23:16 . 2008-04-26 10:26 891,448 --a------ c:\windows\System32\drivers\tcpip.sys
2009-02-14 18:22 . 2009-02-14 18:22 <KANSIO> d-------- C:\PerfLogs
2009-02-14 18:20 . 2007-06-01 17:46 6,054 --a------ c:\windows\System32\nvdisp.nvu
2009-02-14 17:57 . 2009-02-14 17:22 152,576 --a------ c:\windows\System32\SPWizUI.dll
2009-02-14 17:57 . 2009-02-14 17:22 47,560 --a------ c:\windows\System32\SPReview.exe
2009-02-14 17:36 . 2008-01-18 23:33 193,024 --a------ c:\windows\System32\recdisc.exe
2009-02-14 17:36 . 2008-01-18 23:36 6,656 --a------ c:\windows\System32\sdspres.dll
2009-02-14 17:35 . 2008-01-18 23:33 599,552 --a------ c:\windows\System32\vsp1cln.exe
2009-02-14 17:35 . 2008-01-18 23:36 142,336 --a------ c:\windows\System32\spp.dll
2009-02-14 17:35 . 2008-01-18 23:36 28,160 --a------ c:\windows\System32\sxproxy.dll
2009-02-14 17:26 . 2008-01-18 23:33 5,714,432 --a------ c:\windows\System32\logon.scr
2009-02-14 17:24 . 2008-01-18 21:31 8,322,048 --a------ c:\windows\System32\spwizimg.dll
2009-02-14 17:22 . 2009-02-14 17:57 <KANSIO> d-------- C:\3e382d02082148fe5eb30cae16fc7e
2009-02-14 17:02 . 2008-01-18 23:33 44,032 --a------ c:\windows\System32\cbsra.exe
2009-02-14 17:01 . 2009-02-14 17:59 262,144 --a------ c:\windows\SPInstall.etl
2009-02-11 18:49 . 2009-02-19 18:55 <KANSIO> d-------- c:\users\All Users\Google Updater
2009-02-11 18:49 . 2009-02-19 18:55 <KANSIO> d-------- c:\programdata\Google Updater
2009-02-11 14:20 . 2009-01-15 05:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 14:20 . 2009-01-15 08:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-08 11:06 . 2008-11-13 15:18 1,221,008 --a------ c:\windows\System32\zpeng25.dll
2009-02-06 17:33 . 2009-02-06 17:33 <KANSIO> d-------- c:\users\scaleo\AppData\Roaming\fltk.org
2009-02-03 14:49 . 2009-02-03 14:49 <KANSIO> d-------- c:\program files\AC3Filter
2009-02-03 14:49 . 2008-07-09 10:05 421,888 --a------ c:\windows\System32\ac3filter.acm
2009-01-31 10:45 . 2009-02-12 19:31 65,536 --a------ c:\windows\IFinst27.exe
2009-01-28 18:50 . 2009-01-28 18:50 <KANSIO> d-------- c:\users\scaleo\AppData\Roaming\Deckadance
2009-01-26 18:32 . 2009-01-26 18:34 <KANSIO> d-------- c:\program files\Image-Line
2009-01-26 17:57 . 2009-01-26 22:47 <KANSIO> d-------- c:\program files\McAfee
2009-01-26 17:57 . 2009-01-26 17:57 <KANSIO> d-------- c:\program files\Common Files\McAfee
2009-01-26 16:07 . 2009-01-26 18:34 <KANSIO> d-------- c:\program files\VstPlugins
2009-01-26 16:07 . 2002-07-08 00:14 1,294,336 --a------ c:\windows\System32\vorbis.acm
2009-01-26 16:07 . 2006-06-20 10:56 225,280 --a------ c:\windows\System32\rewire.dll
2009-01-26 16:06 . 2009-01-26 16:06 <KANSIO> d-------- c:\program files\Outsim

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-20 11:59 --------- d-----w c:\users\scaleo\AppData\Roaming\Hamachi
2009-02-20 11:47 348,370 ---ha-w c:\windows\system32\drivers\vsconfig.xml
2009-02-19 14:56 --------- d-----w c:\program files\ATI Technologies
2009-02-18 16:00 --------- d-----w c:\program files\Norton Security Scan
2009-02-17 20:29 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-02-16 15:48 --------- d-----w c:\program files\Opera
2009-02-15 19:20 --------- d-----w c:\program files\Google
2009-02-15 18:54 2,358,283 ----a-w c:\windows\Internet Logs\tvDebug.Zip
2009-02-15 18:53 1,720,320 ----a-w c:\windows\Internet Logs\xDB8B95.tmp
2009-02-14 17:48 34 ----a-w c:\users\scaleo\jagex_runescape_preferences.dat
2009-02-14 16:31 174 --sha-w c:\program files\desktop.ini
2009-02-14 16:23 --------- d-----w c:\program files\Windows Sidebar
2009-02-14 16:23 --------- d-----w c:\program files\Windows Photo Gallery
2009-02-14 16:23 --------- d-----w c:\program files\Windows Mail
2009-02-14 16:23 --------- d-----w c:\program files\Windows Journal
2009-02-14 16:23 --------- d-----w c:\program files\Windows Defender
2009-02-14 16:23 --------- d-----w c:\program files\Windows Collaboration
2009-02-14 16:23 --------- d-----w c:\program files\Windows Calendar
2009-02-14 16:05 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2009-02-14 16:04 82,432 ----a-w c:\windows\System32\axaltocm.dll
2009-02-08 10:03 --------- d-----w c:\users\scaleo\AppData\Roaming\BitTorrent
2009-02-05 21:06 51,792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2009-02-05 11:57 --------- d-----w c:\program files\Common Files\Steam
2009-02-03 12:12 --------- d-----w c:\users\scaleo\AppData\Roaming\mIRC
2009-02-01 18:18 140,216 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-01 18:16 201,352 ----a-w c:\windows\System32\PnkBstrB.exe
2009-01-26 16:34 --------- d-----w c:\program files\VstPlugins
2009-01-26 15:57 --------- d-----w c:\programdata\McAfee
2009-01-24 11:22 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
2009-01-17 22:42 --------- d-----w c:\programdata\TrackMania
2009-01-17 09:48 --------- d-----w c:\program files\CCleaner
2009-01-15 12:18 410,984 ----a-w c:\windows\System32\deploytk.dll
2009-01-15 12:18 --------- d-----w c:\program files\Java
2009-01-14 07:15 4,235,776 ----a-w c:\windows\system32\drivers\atikmdag.sys
2009-01-14 05:03 425,984 ----a-w c:\windows\System32\ATIDEMGX.dll
2009-01-14 05:02 159,744 ----a-w c:\windows\System32\atitmmxx.dll
2009-01-14 05:01 43,520 ----a-w c:\windows\System32\ati2edxx.dll
2009-01-14 05:01 348,160 ----a-w c:\windows\System32\atipdlxx.dll
2009-01-14 05:01 286,720 ----a-w c:\windows\System32\Ati2evxx.dll
2009-01-14 05:01 274,432 ----a-w c:\windows\System32\Oemdspif.dll
2009-01-14 04:59 729,088 ----a-w c:\windows\System32\Ati2evxx.exe
2009-01-14 04:50 2,345,472 ----a-w c:\windows\System32\atidxx32.dll
2009-01-14 04:44 3,963,392 ----a-w c:\windows\System32\atiumdag.dll
2009-01-14 04:22 4,765,696 ----a-w c:\windows\System32\atiumdva.dll
2009-01-14 04:08 50,688 ----a-w c:\windows\System32\amdpcom32.dll
2009-01-14 04:07 122,880 ----a-w c:\windows\System32\atiadlxx.dll
2009-01-14 03:59 11,247,616 ----a-w c:\windows\System32\atioglxx.dll
2009-01-14 03:50 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2009-01-14 02:54 57,344 ----a-w c:\windows\System32\amdcalrt.dll
2009-01-14 02:53 53,248 ----a-w c:\windows\System32\amdcalcl.dll
2009-01-14 02:51 3,239,936 ----a-w c:\windows\System32\amdcaldd.dll
2009-01-07 20:13 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-01-05 15:31 --------- d-----w c:\programdata\Media Center Programs
2009-01-05 15:21 --------- d-----w c:\program files\THQ
2009-01-05 15:19 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-04 21:48 737,280 ----a-w c:\windows\iun6002.exe
2009-01-03 23:38 --------- d-----w c:\users\scaleo\AppData\Roaming\DNA
2008-12-30 14:48 --------- d-----w c:\program files\LittleFighter2
2008-12-28 21:03 --------- d-----w c:\program files\DNA
2008-12-28 21:03 --------- d-----w c:\program files\BitTorrent
2008-12-28 17:42 --------- d-----w c:\program files\MagicISO
2008-12-26 19:26 --------- d-----w c:\users\scaleo\AppData\Roaming\teamspeak2
2008-12-24 17:27 --------- d-----w c:\program files\FIFAMANIA
2008-12-24 12:55 --------- d-----w c:\program files\Fox
2008-12-22 22:43 --------- d-----w c:\users\scaleo\AppData\Roaming\SiteAdvisor
2008-12-21 17:43 --------- d-----w c:\program files\AMD
2008-12-21 15:18 --------- d-----w c:\program files\Fifa Master
2008-12-04 12:44 5,280 ----a-w c:\windows\System32\ealregsnapshot1.reg
2008-11-24 19:34 180,224 ----a-w c:\windows\System32\cnvshell.dll
2008-05-27 19:51 22,328 ----a-w c:\users\scaleo\AppData\Roaming\PnkBstrK.sys
2007-12-15 11:09 0 ----a-w c:\users\scaleo\AppData\Roaming\wklnhst.dat
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"recinfo1"="c:\recinfo\RecInfo.exe" [2007-10-23 2764800]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2008-05-02 307200]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-01 c:\windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1EC3EBA8-0E28-438E-A5FA-00AE75F9D738}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EA17A55D-8E36-4E63-9CAF-F1FFB2839345}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{10B43187-3949-4A7E-9AAF-EDB96FBF43C6}c:\\program files\\the all-seeing eye\\eye.exe"= UDP:c:\program files\the all-seeing eye\eye.exe:Yahoo! All-Seeing Eye
"UDP Query User{7F07FEF1-C5EE-4AD1-B4DE-9CA39EB1C282}c:\\program files\\the all-seeing eye\\eye.exe"= TCP:c:\program files\the all-seeing eye\eye.exe:Yahoo! All-Seeing Eye
"TCP Query User{48116FA7-6D11-4AB7-ACF4-2FED8500C31F}d:\\program files\\steam\\steamapps\\spedeee\\counter-strike\\hl.exe"= UDP:d:\program files\steam\steamapps\spedeee\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{0A67460A-D4CC-4705-B4BF-8C8C3BD99AA2}d:\\program files\\steam\\steamapps\\spedeee\\counter-strike\\hl.exe"= TCP:d:\program files\steam\steamapps\spedeee\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{14802E66-C4F0-4362-A4F2-A79EDC43809D}d:\\program files\\steam\\steamapps\\spedeee\\counter-strike source\\hl2.exe"= UDP:d:\program files\steam\steamapps\spedeee\counter-strike source\hl2.exe:hl2
"UDP Query User{B897F9F6-583B-4EA8-8DAA-78585F4C03E6}d:\\program files\\steam\\steamapps\\spedeee\\counter-strike source\\hl2.exe"= TCP:d:\program files\steam\steamapps\spedeee\counter-strike source\hl2.exe:hl2
"TCP Query User{CD8726E2-1B99-4C79-B329-F36582DB5EDB}d:\\program files\\steam\\steamapps\\spedeee\\team fortress 2\\hl2.exe"= UDP:d:\program files\steam\steamapps\spedeee\team fortress 2\hl2.exe:hl2
"UDP Query User{4870448D-2B9E-4052-8F18-10494E29863C}d:\\program files\\steam\\steamapps\\spedeee\\team fortress 2\\hl2.exe"= TCP:d:\program files\steam\steamapps\spedeee\team fortress 2\hl2.exe:hl2
"{E16A9088-2D8B-45D1-975A-D47A56CDD994}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{818D9785-CD0E-4BE2-955E-E45919BB7CEB}d:\\program files\\steam\\steamapps\\spedeee\\day of defeat\\hl.exe"= UDP:d:\program files\steam\steamapps\spedeee\day of defeat\hl.exe:Half-Life Launcher
"UDP Query User{6B9C8A82-9B8F-47CF-8847-E96924A30E4D}d:\\program files\\steam\\steamapps\\spedeee\\day of defeat\\hl.exe"= TCP:d:\program files\steam\steamapps\spedeee\day of defeat\hl.exe:Half-Life Launcher
"TCP Query User{FF00D093-BF79-4CCB-AA1F-ECD110D95809}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{BA5106EA-B31A-4D35-8A20-5D82CCE2F964}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{5C2E28E6-271E-4615-8822-2B6797488BF6}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{CD67CE95-87FF-48A3-9A1A-10BBF20B4085}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{677E687B-65BB-4F70-ACF8-DBDBEDDF4269}c:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"UDP Query User{9738361B-C44E-4292-AEC7-FFF833924C2D}c:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"TCP Query User{18B7B624-014A-4DF5-87A3-176D7B0C4678}c:\\program files\\spring\\spring.exe"= UDP:c:\program files\spring\spring.exe:spring
"UDP Query User{DDF075B7-32E2-4815-893C-4A1A47754ED3}c:\\program files\\spring\\spring.exe"= TCP:c:\program files\spring\spring.exe:spring
"TCP Query User{5D8E2F1E-0C60-48B6-9910-8358D2E0302B}c:\\program files\\pan vision\\igi 2 covert strike\\pc\\igi2.exe"= UDP:c:\program files\pan vision\igi 2 covert strike\pc\igi2.exe:IGI2:Covert Strike
"UDP Query User{32B5884D-E822-4790-AB4E-BF722D6A4E64}c:\\program files\\pan vision\\igi 2 covert strike\\pc\\igi2.exe"= TCP:c:\program files\pan vision\igi 2 covert strike\pc\igi2.exe:IGI2:Covert Strike
"{042AD396-A1C7-4F73-96BB-448DBA4DB43D}"= UDP:c:\program files\DAEMON Tools Lite\daemon.exe:DAEMON Tools Lite
"{F29310A9-E952-49F0-9E31-36CBC6BD36F3}"= TCP:c:\program files\DAEMON Tools Lite\daemon.exe:DAEMON Tools Lite
"{21407A14-70C5-4619-84AF-B4C3A97DE74D}"= UDP:c:\program files\Codemasters\Colin McRae Rally 2\CMR2.exe:Colin McRae Rally 2
"{DF61AF12-926E-4301-B638-87DBED1C050B}"= TCP:c:\program files\Codemasters\Colin McRae Rally 2\CMR2.exe:Colin McRae Rally 2
"TCP Query User{D1D2F80C-A6C0-4291-8A10-550F7C004888}d:\\program files\\steam\\steamapps\\spedeee\\source sdk base\\hl2.exe"= UDP:d:\program files\steam\steamapps\spedeee\source sdk base\hl2.exe:hl2
"UDP Query User{A9E3F078-CA05-460D-B717-8068E906871D}d:\\program files\\steam\\steamapps\\spedeee\\source sdk base\\hl2.exe"= TCP:d:\program files\steam\steamapps\spedeee\source sdk base\hl2.exe:hl2
"TCP Query User{6BBB77DC-D1EE-4D1D-8CF5-50AFFBBB228F}d:\\program files\\steam\\steamapps\\spedeee\\half-life\\hl.exe"= UDP:d:\program files\steam\steamapps\spedeee\half-life\hl.exe:Half-Life Launcher
"UDP Query User{8F5E633E-281A-46B6-8E52-7EB20B7D10E8}d:\\program files\\steam\\steamapps\\spedeee\\half-life\\hl.exe"= TCP:d:\program files\steam\steamapps\spedeee\half-life\hl.exe:Half-Life Launcher
"TCP Query User{F2F787E6-A251-490D-81AC-E330CB3591F4}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{5F3D40B8-879D-4A4C-97A1-0CAC94DAE19C}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"{F65B4FD1-D7D6-4164-BCCB-AA8F1D2E4BA7}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{DDD70020-7119-4205-B8F1-06696FD766CF}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{46D4E449-F9F5-4527-834D-7E849C55C639}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{7E686557-D668-4E0B-AFFE-821869301DCA}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{91DC19E4-1E4A-4138-AD51-4CB33D34C8C0}"= UDP:d:\battlefield\BF2.exe:Battlefield 2
"{FA56D2B3-08F6-4089-B72E-B28DFF5588DE}"= TCP:d:\battlefield\BF2.exe:Battlefield 2
"TCP Query User{76481CAD-CD9D-4146-A280-BB0EECEE17A2}c:\\program files\\konami\\pro evolution soccer 6\\pes6.exe"= UDP:c:\program files\konami\pro evolution soccer 6\pes6.exe:pes6.exe
"UDP Query User{DAA63AEB-CB6C-411B-A0EC-49A260818A64}c:\\program files\\konami\\pro evolution soccer 6\\pes6.exe"= TCP:c:\program files\konami\pro evolution soccer 6\pes6.exe:pes6.exe
"TCP Query User{135F8D09-1951-4DEE-8702-03B36143A76A}c:\\program files\\table tennis pro v2 lite\\ttpro_dx9.exe"= UDP:c:\program files\table tennis pro v2 lite\ttpro_dx9.exe:TTPro_DX9
"UDP Query User{3EBC9FFA-1E5B-4385-8419-4E9C8D1D3764}c:\\program files\\table tennis pro v2 lite\\ttpro_dx9.exe"= TCP:c:\program files\table tennis pro v2 lite\ttpro_dx9.exe:TTPro_DX9
"{BFFD2B12-5502-44DE-9649-9916B54BE899}"= UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{C6185BA5-5BE8-4028-8CE7-A3B47F12346A}"= TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"TCP Query User{9A0E1AB1-8D49-4BE7-A1AB-B864DEEF9536}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{833BBE33-426F-445F-B798-91A46E3048C3}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{3EAAFE99-E6ED-40FF-9399-F82A8BBF96B0}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{8E97A60E-EFC7-4D37-9A10-5627CCBF2974}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{698BBEEF-7C25-4899-9414-95908FE01AE3}c:\\program files\\codemasters\\operation flashpoint\\flashpointresistance.exe"= UDP:c:\program files\codemasters\operation flashpoint\flashpointresistance.exe:Operation Flashpoint
"UDP Query User{A0FE7046-585F-4A3F-B540-3A5F4CB6D749}c:\\program files\\codemasters\\operation flashpoint\\flashpointresistance.exe"= TCP:c:\program files\codemasters\operation flashpoint\flashpointresistance.exe:Operation Flashpoint
"TCP Query User{12EE1AF5-2C55-4CA8-95DA-D9F2983657BA}d:\\program files\\steam\\steamapps\\spedeee\\ricochet\\hl.exe"= UDP:d:\program files\steam\steamapps\spedeee\ricochet\hl.exe:Half-Life Launcher
"UDP Query User{F15CFCF1-5700-4A6E-A39E-3C9AFDB038A8}d:\\program files\\steam\\steamapps\\spedeee\\ricochet\\hl.exe"= TCP:d:\program files\steam\steamapps\spedeee\ricochet\hl.exe:Half-Life Launcher
"TCP Query User{7C56A50D-286B-41C7-AB7D-CDBBD94BACE7}c:\\program files\\java\\jre1.6.0_07\\bin\\java.exe"= UDP:c:\program files\java\jre1.6.0_07\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{8F5AA96E-8A60-4FD3-AA86-5A4B0B1F6FB3}c:\\program files\\java\\jre1.6.0_07\\bin\\java.exe"= TCP:c:\program files\java\jre1.6.0_07\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{3ADCB008-1A0E-4D76-88EC-EA33D2F950ED}c:\\program files\\spring\\springdownloader.exe"= UDP:c:\program files\spring\springdownloader.exe:SpringDownloader
"UDP Query User{CCC7DC69-A8BA-4BBF-9DC2-A1545E351DFB}c:\\program files\\spring\\springdownloader.exe"= TCP:c:\program files\spring\springdownloader.exe:SpringDownloader
"TCP Query User{2DAD4694-78B1-49DF-89ED-BFDC3DD518F8}c:\\program files\\spring\\tasclient.exe"= UDP:c:\program files\spring\tasclient.exe:TA Spring lobby client
"UDP Query User{FE9D6DAB-8AF9-4FE7-9F69-6D9CB9C1C20B}c:\\program files\\spring\\tasclient.exe"= TCP:c:\program files\spring\tasclient.exe:TA Spring lobby client
"{BE4BE2F9-8208-431C-9EE8-C7C1CF4989E1}"= TCP:8452:ta spring
"{F63E9224-AA8D-43D3-8359-039F20511F74}"= UDP:8452:ta
"{923FF2EA-5B7D-4445-A5CB-45C8085BEE60}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{1034402A-B28D-4749-9F0F-AB929B32F587}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{EAC2322B-EB87-4D23-9003-32070D89CB74}"= UDP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{58AE9FA8-8833-403B-A87B-C282A5CB7FE0}"= TCP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
"{3C9A9D69-5B4D-4BD2-9B75-8EE05B90330A}"= UDP:c:\program files\Hamachi\hamachi.exe:Hamachi
"{C842BE58-BFFD-45F4-9FD5-0F86555880DC}"= TCP:c:\program files\Hamachi\hamachi.exe:Hamachi
"{33D3F175-439E-4EEC-96E3-5B0E5486ED79}"= UDP:c:\program files\LittleFighter2\LF2_v2.0\lf2.exe:Little Fighter 2
"{8E9DB6F4-3BE3-43C6-A230-087F0BB6DDA0}"= TCP:c:\program files\LittleFighter2\LF2_v2.0\lf2.exe:Little Fighter 2
"{D5E97997-0463-41B4-8E95-8188B2A9C1C0}"= UDP:c:\program files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander
"{466434FE-96F8-45EB-B99E-9872D5697BCF}"= TCP:c:\program files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander
"{DDF36EA4-A914-4ABF-A5CC-9A80F4F46DB8}"= UDP:c:\program files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"{4C43A396-2215-4053-ABFE-6BC7BB9958E9}"= TCP:c:\program files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"{DD411F09-B1A8-491E-8007-2D00B1AD791A}"= UDP:d:\program files\Steam\steamapps\common\trackmania nations forever\TmForever.exe:TrackMania Nations Forever
"{7CF50A52-87B3-42FB-8B31-5F5955EF8DAC}"= TCP:d:\program files\Steam\steamapps\common\trackmania nations forever\TmForever.exe:TrackMania Nations Forever
"{FD42D230-D98B-4BE2-89AB-3510295BE5FB}"= UDP:d:\program files\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe:TrackMania Nations Forever
"{4780E112-D9F5-48DF-80DD-050374B5A48A}"= TCP:d:\program files\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe:TrackMania Nations Forever
"{6F3D7A03-506A-420E-A138-7F6B6E4063E6}"= UDP:d:\program files\Steam\steamapps\common\left 4 dead demo\left4dead.exe:Left 4 Dead Demo
"{569ED080-D7C6-409A-8917-20B1E9B3A8BE}"= TCP:d:\program files\Steam\steamapps\common\left 4 dead demo\left4dead.exe:Left 4 Dead Demo
"{C7CAC8C6-F8F2-4DC7-B953-36DBCFAC8FF0}"= UDP:d:\program files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:Peggle Extreme
"{0B279AB5-4F0D-4F7D-871F-6000AFC9BE08}"= TCP:d:\program files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:Peggle Extreme
"{1993F774-FCD4-46F8-8DBB-9609A63F2A47}"= UDP:d:\program files\Steam\steamapps\common\red orchestra\System\RedOrchestra.exe:Red Orchestra
"{3049ACAA-22C7-4618-9DA7-218AB3F25790}"= TCP:d:\program files\Steam\steamapps\common\red orchestra\System\RedOrchestra.exe:Red Orchestra

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2008-04-23 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2008-04-23 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2008-02-24 51792]
R2 HamachiService;Hamachi Service;c:\program files\Hamachi\hamachi.exe [2008-09-03 625952]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-01-26 206096]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-01 810320]
S2 gupdate1c98c6925f043cf;Google Update Service (gupdate1c98c6925f043cf);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 133104]
S3 ADM8511;USB To Fast Ethernet/ HomePNA Adapter;c:\windows\System32\drivers\NETUSB.SYS [2008-12-13 24395]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ecef362-b07d-11dc-aea6-0019214a56e1}]
\shell\AutoRun\command - K:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f66892a-a27b-11dd-9667-0019214a56e1}]
\shell\AutoRun\command - L:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c502660d-a998-11dc-9f29-806e6f6e6963}]
\shell\AutoRun\command - E:\OblivionLauncher.exe
.
'Ajoitetut tehtävät'-kansion sisältö

2009-02-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-11 18:49]

2009-02-20 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 18:52]

2009-02-18 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2008-01-09 03:08]

2007-12-14 c:\windows\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Täydentävä tarkistus -------
.
uStart Page = hxxp://www.google.fi/
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: V&ie Microsoft Exceliin - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-20 13:59:02
Windows 6.0.6001 Service Pack 1 NTFS

tarkistaa piilotettuja prosesseja ...

tarkistaa piilotettuja käynnistysarvoja ...

tarkistaa piilotettuja tiedostoja ...


c:\users\scaleo\AppData\Local\Temp\catchme.dll 53248 bytes executable

tarkistus on valmis
piilotetut tiedostot: 1

**************************************************************************
.
--------------------- Prosesseihin ladatut DLLt ---------------------

- - - - - - - > 'Explorer.exe'(6132)
c:\program files\McAfee\SiteAdvisor\saHook.dll
.
Valmistumisajankohta: 2009-02-20 14:01:26
ComboFix-quarantined-files.txt 2009-02-20 12:01:22

Ennen ajoa: 178 508 353 536 tavua vapaana
Ajon jälkeen: 178,473,586,688 tavua vapaana

Current=1 Default=1 Failed=0 LastKnownGood=18 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18
306 --- E O F --- 2009-02-20 11:29:44
Hujo
Suspended permanently
20 February 2009 @ 14:47
You don't have that Vista firewall turned on, do you?

=============

Now copy and paste the contents of the quote below into an empty Notepad window
Start button > Accessories > Notepad

Quote:
Folder::
c:\program files\Norton Security Scan


Save it to the desktop as CFScript.txt

Then drag CFScript onto ComboFix.exe as shown below.




While ComboFix is working, a blue window appears; press the number 1 and Enter

Post the resulting log here.

Shut down and restart the computer


Can a computer ever work?
Dakann
Suspended due to non-functional email address
20 February 2009 @ 15:56
The Windows firewall is not on.
At no point was it possible to press 1 and Enter, but a log did come out anyway.

===============

ComboFix 09-02-19.01 - scaleo 2009-02-20 15:36:53.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.2047.1185 [GMT 2:00]
Sijainti: c:\users\scaleo\Desktop\ComboFix.exe
Käytetyt komentorivivalitsimet :: c:\users\scaleo\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1229 [VPS 090214-0] *On-access scanning enabled* (Updated)
FW: ZoneAlarm Firewall *enabled*
* Uusi palautuspiste luotu
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Norton Security Scan
c:\program files\Norton Security Scan\ccL70U.dll
c:\program files\Norton Security Scan\ccScanw.dll
c:\program files\Norton Security Scan\ccVrTrst.dll
c:\program files\Norton Security Scan\dec_abi.dll
c:\program files\Norton Security Scan\DefUtDCD.dll
c:\program files\Norton Security Scan\ecmldr32.dll
c:\program files\Norton Security Scan\help.htm
c:\program files\Norton Security Scan\Microsoft.VC80.CRT.manifest
c:\program files\Norton Security Scan\msl.dll
c:\program files\Norton Security Scan\msvcp80.dll
c:\program files\Norton Security Scan\msvcr80.dll
c:\program files\Norton Security Scan\Nss.exe
c:\program files\Norton Security Scan\patch25d.dll
c:\program files\Norton Security Scan\SAUpdt.dll
c:\program files\Norton Security Scan\ScanCore.dll
c:\program files\Norton Security Scan\ScanRes.dll
c:\program files\Norton Security Scan\SKURes.dll

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-01-20 to 2009-02-20 )))))))))))))))))
.

2009-02-19 20:20 . 2009-02-19 20:20 <KANSIO> d-------- c:\users\scaleo\AppData\Roaming\Malwarebytes
2009-02-19 20:20 . 2009-02-19 20:20 <KANSIO> d-------- c:\users\All Users\Malwarebytes
2009-02-19 20:20 . 2009-02-19 20:20 <KANSIO> d-------- c:\programdata\Malwarebytes
2009-02-19 20:20 . 2009-02-19 20:20 <KANSIO> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-19 20:20 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-19 20:20 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-19 16:57 . 2009-02-19 16:57 <KANSIO> d-------- c:\users\All Users\ATI
2009-02-19 16:57 . 2009-02-19 16:57 <KANSIO> d-------- c:\programdata\ATI
2009-02-16 15:55 . 2008-12-05 06:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-16 15:55 . 2008-12-05 06:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-16 15:55 . 2008-12-05 06:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-16 15:55 . 2008-12-05 06:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-16 15:55 . 2008-12-05 06:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-15 10:59 . 2009-02-15 10:59 <KANSIO> d-------- c:\users\All Users\WindowsSearch
2009-02-15 10:59 . 2009-02-15 10:59 <KANSIO> d-------- c:\programdata\WindowsSearch
2009-02-14 23:16 . 2008-04-26 10:26 891,448 --a------ c:\windows\System32\drivers\tcpip.sys
2009-02-14 18:22 . 2009-02-14 18:22 <KANSIO> d-------- C:\PerfLogs
2009-02-14 18:20 . 2007-06-01 17:46 6,054 --a------ c:\windows\System32\nvdisp.nvu
2009-02-14 17:57 . 2009-02-14 17:22 152,576 --a------ c:\windows\System32\SPWizUI.dll
2009-02-14 17:57 . 2009-02-14 17:22 47,560 --a------ c:\windows\System32\SPReview.exe
2009-02-14 17:36 . 2008-01-18 23:33 193,024 --a------ c:\windows\System32\recdisc.exe
2009-02-14 17:36 . 2008-01-18 23:36 6,656 --a------ c:\windows\System32\sdspres.dll
2009-02-14 17:35 . 2008-01-18 23:33 599,552 --a------ c:\windows\System32\vsp1cln.exe
2009-02-14 17:35 . 2008-01-18 23:36 142,336 --a------ c:\windows\System32\spp.dll
2009-02-14 17:35 . 2008-01-18 23:36 28,160 --a------ c:\windows\System32\sxproxy.dll
2009-02-14 17:26 . 2008-01-18 23:33 5,714,432 --a------ c:\windows\System32\logon.scr
2009-02-14 17:24 . 2008-01-18 21:31 8,322,048 --a------ c:\windows\System32\spwizimg.dll
2009-02-14 17:22 . 2009-02-14 17:57 <KANSIO> d-------- C:\3e382d02082148fe5eb30cae16fc7e
2009-02-14 17:02 . 2008-01-18 23:33 44,032 --a------ c:\windows\System32\cbsra.exe
2009-02-14 17:01 . 2009-02-14 17:59 262,144 --a------ c:\windows\SPInstall.etl
2009-02-11 18:49 . 2009-02-19 18:55 <KANSIO> d-------- c:\users\All Users\Google Updater
2009-02-11 18:49 . 2009-02-19 18:55 <KANSIO> d-------- c:\programdata\Google Updater
2009-02-11 14:20 . 2009-01-15 05:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 14:20 . 2009-01-15 08:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-08 11:06 . 2008-11-13 15:18 1,221,008 --a------ c:\windows\System32\zpeng25.dll
2009-02-06 17:33 . 2009-02-06 17:33 <KANSIO> d-------- c:\users\scaleo\AppData\Roaming\fltk.org
2009-02-03 14:49 . 2009-02-03 14:49 <KANSIO> d-------- c:\program files\AC3Filter
2009-02-03 14:49 . 2008-07-09 10:05 421,888 --a------ c:\windows\System32\ac3filter.acm
2009-01-31 10:45 . 2009-02-12 19:31 65,536 --a------ c:\windows\IFinst27.exe
2009-01-28 18:50 . 2009-01-28 18:50 <KANSIO> d-------- c:\users\scaleo\AppData\Roaming\Deckadance
2009-01-26 18:32 . 2009-01-26 18:34 <KANSIO> d-------- c:\program files\Image-Line
2009-01-26 17:57 . 2009-01-26 22:47 <KANSIO> d-------- c:\program files\McAfee
2009-01-26 17:57 . 2009-01-26 17:57 <KANSIO> d-------- c:\program files\Common Files\McAfee
2009-01-26 16:07 . 2009-01-26 18:34 <KANSIO> d-------- c:\program files\VstPlugins
2009-01-26 16:07 . 2002-07-08 00:14 1,294,336 --a------ c:\windows\System32\vorbis.acm
2009-01-26 16:07 . 2006-06-20 10:56 225,280 --a------ c:\windows\System32\rewire.dll
2009-01-26 16:06 . 2009-01-26 16:06 <KANSIO> d-------- c:\program files\Outsim

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-20 13:40 --------- d-----w c:\users\scaleo\AppData\Roaming\Hamachi
2009-02-20 13:31 348,370 ---ha-w c:\windows\system32\drivers\vsconfig.xml
2009-02-19 14:56 --------- d-----w c:\program files\ATI Technologies
2009-02-17 20:29 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-02-16 15:48 --------- d-----w c:\program files\Opera
2009-02-15 19:20 --------- d-----w c:\program files\Google
2009-02-15 18:54 2,358,283 ----a-w c:\windows\Internet Logs\tvDebug.Zip
2009-02-15 18:53 1,720,320 ----a-w c:\windows\Internet Logs\xDB8B95.tmp
2009-02-14 17:48 34 ----a-w c:\users\scaleo\jagex_runescape_preferences.dat
2009-02-14 16:31 174 --sha-w c:\program files\desktop.ini
2009-02-14 16:23 --------- d-----w c:\program files\Windows Sidebar
2009-02-14 16:23 --------- d-----w c:\program files\Windows Photo Gallery
2009-02-14 16:23 --------- d-----w c:\program files\Windows Mail
2009-02-14 16:23 --------- d-----w c:\program files\Windows Journal
2009-02-14 16:23 --------- d-----w c:\program files\Windows Defender
2009-02-14 16:23 --------- d-----w c:\program files\Windows Collaboration
2009-02-14 16:23 --------- d-----w c:\program files\Windows Calendar
2009-02-14 16:05 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2009-02-14 16:04 82,432 ----a-w c:\windows\System32\axaltocm.dll
2009-02-08 10:03 --------- d-----w c:\users\scaleo\AppData\Roaming\BitTorrent
2009-02-05 21:06 51,792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2009-02-05 11:57 --------- d-----w c:\program files\Common Files\Steam
2009-02-03 12:12 --------- d-----w c:\users\scaleo\AppData\Roaming\mIRC
2009-02-01 18:18 140,216 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-01 18:16 201,352 ----a-w c:\windows\System32\PnkBstrB.exe
2009-01-26 16:34 --------- d-----w c:\program files\VstPlugins
2009-01-26 15:57 --------- d-----w c:\programdata\McAfee
2009-01-24 11:22 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
2009-01-17 22:42 --------- d-----w c:\programdata\TrackMania
2009-01-17 09:48 --------- d-----w c:\program files\CCleaner
2009-01-15 12:18 410,984 ----a-w c:\windows\System32\deploytk.dll
2009-01-15 12:18 --------- d-----w c:\program files\Java
2009-01-14 07:15 4,235,776 ----a-w c:\windows\system32\drivers\atikmdag.sys
2009-01-14 05:03 425,984 ----a-w c:\windows\System32\ATIDEMGX.dll
2009-01-14 05:02 159,744 ----a-w c:\windows\System32\atitmmxx.dll
2009-01-14 05:01 43,520 ----a-w c:\windows\System32\ati2edxx.dll
2009-01-14 05:01 348,160 ----a-w c:\windows\System32\atipdlxx.dll
2009-01-14 05:01 286,720 ----a-w c:\windows\System32\Ati2evxx.dll
2009-01-14 05:01 274,432 ----a-w c:\windows\System32\Oemdspif.dll
2009-01-14 04:59 729,088 ----a-w c:\windows\System32\Ati2evxx.exe
2009-01-14 04:50 2,345,472 ----a-w c:\windows\System32\atidxx32.dll
2009-01-14 04:44 3,963,392 ----a-w c:\windows\System32\atiumdag.dll
2009-01-14 04:22 4,765,696 ----a-w c:\windows\System32\atiumdva.dll
2009-01-14 04:08 50,688 ----a-w c:\windows\System32\amdpcom32.dll
2009-01-14 04:07 122,880 ----a-w c:\windows\System32\atiadlxx.dll
2009-01-14 03:59 11,247,616 ----a-w c:\windows\System32\atioglxx.dll
2009-01-14 03:50 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2009-01-14 02:54 57,344 ----a-w c:\windows\System32\amdcalrt.dll
2009-01-14 02:53 53,248 ----a-w c:\windows\System32\amdcalcl.dll
2009-01-14 02:51 3,239,936 ----a-w c:\windows\System32\amdcaldd.dll
2009-01-07 20:13 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-01-05 15:31 --------- d-----w c:\programdata\Media Center Programs
2009-01-05 15:21 --------- d-----w c:\program files\THQ
2009-01-05 15:19 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-04 21:48 737,280 ----a-w c:\windows\iun6002.exe
2009-01-03 23:38 --------- d-----w c:\users\scaleo\AppData\Roaming\DNA
2008-12-30 14:48 --------- d-----w c:\program files\LittleFighter2
2008-12-28 21:03 --------- d-----w c:\program files\DNA
2008-12-28 21:03 --------- d-----w c:\program files\BitTorrent
2008-12-28 17:42 --------- d-----w c:\program files\MagicISO
2008-12-26 19:26 --------- d-----w c:\users\scaleo\AppData\Roaming\teamspeak2
2008-12-24 17:27 --------- d-----w c:\program files\FIFAMANIA
2008-12-24 12:55 --------- d-----w c:\program files\Fox
2008-12-22 22:43 --------- d-----w c:\users\scaleo\AppData\Roaming\SiteAdvisor
2008-12-21 17:43 --------- d-----w c:\program files\AMD
2008-12-21 15:18 --------- d-----w c:\program files\Fifa Master
2008-12-04 12:44 5,280 ----a-w c:\windows\System32\ealregsnapshot1.reg
2008-11-24 19:34 180,224 ----a-w c:\windows\System32\cnvshell.dll
2008-05-27 19:51 22,328 ----a-w c:\users\scaleo\AppData\Roaming\PnkBstrK.sys
2007-12-15 11:09 0 ----a-w c:\users\scaleo\AppData\Roaming\wklnhst.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-02-20_13.59.31,97 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-20 11:46:58 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-02-20 13:31:05 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-02-20 11:46:58 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-02-20 13:31:05 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-02-20 11:48:07 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-02-20 13:32:50 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-02-20 13:32:50 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-02-20 11:58:49 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-02-20 13:40:03 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-02-20 13:40:03 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-02-20 11:47:22 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-20 13:31:27 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-20 11:47:22 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-20 13:31:27 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-20 11:47:22 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-20 13:31:27 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-20 12:32:32 5,828 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\328F991128D400E2227521E89E0581A013DD30A7\328F991128D400E2227521E89E0581A013DD30A7\Data.dat
+ 2009-02-20 12:11:27 5,256 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\3FACF5DAF5222B1F0CC2695313DCD50503D2F2F1\3FACF5DAF5222B1F0CC2695313DCD50503D2F2F1\Data.dat
+ 2009-02-20 12:29:32 5,152 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\713C071CF34017C3FCFBF844AFCA8E345CCA37CB\289CB252FBE3077762F252582724A222E8BADBA5\Data.dat
+ 2009-02-20 12:31:55 5,186 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\A67AE3EED49DFD110BE80E223CCDC1CFDE8130F9\A67AE3EED49DFD110BE80E223CCDC1CFDE8130F9\Data.dat
+ 2009-02-20 13:11:16 5,816 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\A8AEFB3A2B2DF343F64E1300B420AE208D931288\A8AEFB3A2B2DF343F64E1300B420AE208D931288\Data.dat
- 2009-02-20 11:48:59 13,512 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-262633358-4049185300-3556971357-1000_UserData.bin
+ 2009-02-20 13:33:04 13,680 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-262633358-4049185300-3556971357-1000_UserData.bin
- 2009-02-20 11:48:59 114,974 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-02-20 13:33:04 115,254 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-02-20 11:29:18 55,744 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-02-20 13:33:03 55,964 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"recinfo1"="c:\recinfo\RecInfo.exe" [2007-10-23 2764800]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2008-05-02 307200]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-01 c:\windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1EC3EBA8-0E28-438E-A5FA-00AE75F9D738}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EA17A55D-8E36-4E63-9CAF-F1FFB2839345}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{10B43187-3949-4A7E-9AAF-EDB96FBF43C6}c:\\program files\\the all-seeing eye\\eye.exe"= UDP:c:\program files\the all-seeing eye\eye.exe:Yahoo! All-Seeing Eye
"UDP Query User{7F07FEF1-C5EE-4AD1-B4DE-9CA39EB1C282}c:\\program files\\the all-seeing eye\\eye.exe"= TCP:c:\program files\the all-seeing eye\eye.exe:Yahoo! All-Seeing Eye
"TCP Query User{48116FA7-6D11-4AB7-ACF4-2FED8500C31F}d:\\program files\\steam\\steamapps\\spedeee\\counter-strike\\hl.exe"= UDP:d:\program files\steam\steamapps\spedeee\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{0A67460A-D4CC-4705-B4BF-8C8C3BD99AA2}d:\\program files\\steam\\steamapps\\spedeee\\counter-strike\\hl.exe"= TCP:d:\program files\steam\steamapps\spedeee\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{14802E66-C4F0-4362-A4F2-A79EDC43809D}d:\\program files\\steam\\steamapps\\spedeee\\counter-strike source\\hl2.exe"= UDP:d:\program files\steam\steamapps\spedeee\counter-strike source\hl2.exe:hl2
"UDP Query User{B897F9F6-583B-4EA8-8DAA-78585F4C03E6}d:\\program files\\steam\\steamapps\\spedeee\\counter-strike source\\hl2.exe"= TCP:d:\program files\steam\steamapps\spedeee\counter-strike source\hl2.exe:hl2
"TCP Query User{CD8726E2-1B99-4C79-B329-F36582DB5EDB}d:\\program files\\steam\\steamapps\\spedeee\\team fortress 2\\hl2.exe"= UDP:d:\program files\steam\steamapps\spedeee\team fortress 2\hl2.exe:hl2
"UDP Query User{4870448D-2B9E-4052-8F18-10494E29863C}d:\\program files\\steam\\steamapps\\spedeee\\team fortress 2\\hl2.exe"= TCP:d:\program files\steam\steamapps\spedeee\team fortress 2\hl2.exe:hl2
"{E16A9088-2D8B-45D1-975A-D47A56CDD994}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{818D9785-CD0E-4BE2-955E-E45919BB7CEB}d:\\program files\\steam\\steamapps\\spedeee\\day of defeat\\hl.exe"= UDP:d:\program files\steam\steamapps\spedeee\day of defeat\hl.exe:Half-Life Launcher
"UDP Query User{6B9C8A82-9B8F-47CF-8847-E96924A30E4D}d:\\program files\\steam\\steamapps\\spedeee\\day of defeat\\hl.exe"= TCP:d:\program files\steam\steamapps\spedeee\day of defeat\hl.exe:Half-Life Launcher
"TCP Query User{FF00D093-BF79-4CCB-AA1F-ECD110D95809}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{BA5106EA-B31A-4D35-8A20-5D82CCE2F964}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{5C2E28E6-271E-4615-8822-2B6797488BF6}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{CD67CE95-87FF-48A3-9A1A-10BBF20B4085}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{677E687B-65BB-4F70-ACF8-DBDBEDDF4269}c:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"UDP Query User{9738361B-C44E-4292-AEC7-FFF833924C2D}c:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"TCP Query User{18B7B624-014A-4DF5-87A3-176D7B0C4678}c:\\program files\\spring\\spring.exe"= UDP:c:\program files\spring\spring.exe:spring
"UDP Query User{DDF075B7-32E2-4815-893C-4A1A47754ED3}c:\\program files\\spring\\spring.exe"= TCP:c:\program files\spring\spring.exe:spring
"TCP Query User{5D8E2F1E-0C60-48B6-9910-8358D2E0302B}c:\\program files\\pan vision\\igi 2 covert strike\\pc\\igi2.exe"= UDP:c:\program files\pan vision\igi 2 covert strike\pc\igi2.exe:IGI2:Covert Strike
"UDP Query User{32B5884D-E822-4790-AB4E-BF722D6A4E64}c:\\program files\\pan vision\\igi 2 covert strike\\pc\\igi2.exe"= TCP:c:\program files\pan vision\igi 2 covert strike\pc\igi2.exe:IGI2:Covert Strike
"{042AD396-A1C7-4F73-96BB-448DBA4DB43D}"= UDP:c:\program files\DAEMON Tools Lite\daemon.exe:DAEMON Tools Lite
"{F29310A9-E952-49F0-9E31-36CBC6BD36F3}"= TCP:c:\program files\DAEMON Tools Lite\daemon.exe:DAEMON Tools Lite
"{21407A14-70C5-4619-84AF-B4C3A97DE74D}"= UDP:c:\program files\Codemasters\Colin McRae Rally 2\CMR2.exe:Colin McRae Rally 2
"{DF61AF12-926E-4301-B638-87DBED1C050B}"= TCP:c:\program files\Codemasters\Colin McRae Rally 2\CMR2.exe:Colin McRae Rally 2
"TCP Query User{D1D2F80C-A6C0-4291-8A10-550F7C004888}d:\\program files\\steam\\steamapps\\spedeee\\source sdk base\\hl2.exe"= UDP:d:\program files\steam\steamapps\spedeee\source sdk base\hl2.exe:hl2
"UDP Query User{A9E3F078-CA05-460D-B717-8068E906871D}d:\\program files\\steam\\steamapps\\spedeee\\source sdk base\\hl2.exe"= TCP:d:\program files\steam\steamapps\spedeee\source sdk base\hl2.exe:hl2
"TCP Query User{6BBB77DC-D1EE-4D1D-8CF5-50AFFBBB228F}d:\\program files\\steam\\steamapps\\spedeee\\half-life\\hl.exe"= UDP:d:\program files\steam\steamapps\spedeee\half-life\hl.exe:Half-Life Launcher
"UDP Query User{8F5E633E-281A-46B6-8E52-7EB20B7D10E8}d:\\program files\\steam\\steamapps\\spedeee\\half-life\\hl.exe"= TCP:d:\program files\steam\steamapps\spedeee\half-life\hl.exe:Half-Life Launcher
"TCP Query User{F2F787E6-A251-490D-81AC-E330CB3591F4}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{5F3D40B8-879D-4A4C-97A1-0CAC94DAE19C}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"{F65B4FD1-D7D6-4164-BCCB-AA8F1D2E4BA7}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{DDD70020-7119-4205-B8F1-06696FD766CF}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{46D4E449-F9F5-4527-834D-7E849C55C639}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{7E686557-D668-4E0B-AFFE-821869301DCA}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{91DC19E4-1E4A-4138-AD51-4CB33D34C8C0}"= UDP:d:\battlefield\BF2.exe:Battlefield 2
"{FA56D2B3-08F6-4089-B72E-B28DFF5588DE}"= TCP:d:\battlefield\BF2.exe:Battlefield 2
"TCP Query User{76481CAD-CD9D-4146-A280-BB0EECEE17A2}c:\\program files\\konami\\pro evolution soccer 6\\pes6.exe"= UDP:c:\program files\konami\pro evolution soccer 6\pes6.exe:pes6.exe
"UDP Query User{DAA63AEB-CB6C-411B-A0EC-49A260818A64}c:\\program files\\konami\\pro evolution soccer 6\\pes6.exe"= TCP:c:\program files\konami\pro evolution soccer 6\pes6.exe:pes6.exe
"TCP Query User{135F8D09-1951-4DEE-8702-03B36143A76A}c:\\program files\\table tennis pro v2 lite\\ttpro_dx9.exe"= UDP:c:\program files\table tennis pro v2 lite\ttpro_dx9.exe:TTPro_DX9
"UDP Query User{3EBC9FFA-1E5B-4385-8419-4E9C8D1D3764}c:\\program files\\table tennis pro v2 lite\\ttpro_dx9.exe"= TCP:c:\program files\table tennis pro v2 lite\ttpro_dx9.exe:TTPro_DX9
"{BFFD2B12-5502-44DE-9649-9916B54BE899}"= UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{C6185BA5-5BE8-4028-8CE7-A3B47F12346A}"= TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"TCP Query User{9A0E1AB1-8D49-4BE7-A1AB-B864DEEF9536}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{833BBE33-426F-445F-B798-91A46E3048C3}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{3EAAFE99-E6ED-40FF-9399-F82A8BBF96B0}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{8E97A60E-EFC7-4D37-9A10-5627CCBF2974}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{698BBEEF-7C25-4899-9414-95908FE01AE3}c:\\program files\\codemasters\\operation flashpoint\\flashpointresistance.exe"= UDP:c:\program files\codemasters\operation flashpoint\flashpointresistance.exe:Operation Flashpoint
"UDP Query User{A0FE7046-585F-4A3F-B540-3A5F4CB6D749}c:\\program files\\codemasters\\operation flashpoint\\flashpointresistance.exe"= TCP:c:\program files\codemasters\operation flashpoint\flashpointresistance.exe:Operation Flashpoint
"TCP Query User{12EE1AF5-2C55-4CA8-95DA-D9F2983657BA}d:\\program files\\steam\\steamapps\\spedeee\\ricochet\\hl.exe"= UDP:d:\program files\steam\steamapps\spedeee\ricochet\hl.exe:Half-Life Launcher
"UDP Query User{F15CFCF1-5700-4A6E-A39E-3C9AFDB038A8}d:\\program files\\steam\\steamapps\\spedeee\\ricochet\\hl.exe"= TCP:d:\program files\steam\steamapps\spedeee\ricochet\hl.exe:Half-Life Launcher
"TCP Query User{7C56A50D-286B-41C7-AB7D-CDBBD94BACE7}c:\\program files\\java\\jre1.6.0_07\\bin\\java.exe"= UDP:c:\program files\java\jre1.6.0_07\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{8F5AA96E-8A60-4FD3-AA86-5A4B0B1F6FB3}c:\\program files\\java\\jre1.6.0_07\\bin\\java.exe"= TCP:c:\program files\java\jre1.6.0_07\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{3ADCB008-1A0E-4D76-88EC-EA33D2F950ED}c:\\program files\\spring\\springdownloader.exe"= UDP:c:\program files\spring\springdownloader.exe:SpringDownloader
"UDP Query User{CCC7DC69-A8BA-4BBF-9DC2-A1545E351DFB}c:\\program files\\spring\\springdownloader.exe"= TCP:c:\program files\spring\springdownloader.exe:SpringDownloader
"TCP Query User{2DAD4694-78B1-49DF-89ED-BFDC3DD518F8}c:\\program files\\spring\\tasclient.exe"= UDP:c:\program files\spring\tasclient.exe:TA Spring lobby client
"UDP Query User{FE9D6DAB-8AF9-4FE7-9F69-6D9CB9C1C20B}c:\\program files\\spring\\tasclient.exe"= TCP:c:\program files\spring\tasclient.exe:TA Spring lobby client
"{BE4BE2F9-8208-431C-9EE8-C7C1CF4989E1}"= TCP:8452:ta spring
"{F63E9224-AA8D-43D3-8359-039F20511F74}"= UDP:8452:ta
"{923FF2EA-5B7D-4445-A5CB-45C8085BEE60}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{1034402A-B28D-4749-9F0F-AB929B32F587}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{EAC2322B-EB87-4D23-9003-32070D89CB74}"= UDP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{58AE9FA8-8833-403B-A87B-C282A5CB7FE0}"= TCP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
"{3C9A9D69-5B4D-4BD2-9B75-8EE05B90330A}"= UDP:c:\program files\Hamachi\hamachi.exe:Hamachi
"{C842BE58-BFFD-45F4-9FD5-0F86555880DC}"= TCP:c:\program files\Hamachi\hamachi.exe:Hamachi
"{33D3F175-439E-4EEC-96E3-5B0E5486ED79}"= UDP:c:\program files\LittleFighter2\LF2_v2.0\lf2.exe:Little Fighter 2
"{8E9DB6F4-3BE3-43C6-A230-087F0BB6DDA0}"= TCP:c:\program files\LittleFighter2\LF2_v2.0\lf2.exe:Little Fighter 2
"{D5E97997-0463-41B4-8E95-8188B2A9C1C0}"= UDP:c:\program files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander
"{466434FE-96F8-45EB-B99E-9872D5697BCF}"= TCP:c:\program files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander
"{DDF36EA4-A914-4ABF-A5CC-9A80F4F46DB8}"= UDP:c:\program files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"{4C43A396-2215-4053-ABFE-6BC7BB9958E9}"= TCP:c:\program files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"{DD411F09-B1A8-491E-8007-2D00B1AD791A}"= UDP:d:\program files\Steam\steamapps\common\trackmania nations forever\TmForever.exe:TrackMania Nations Forever
"{7CF50A52-87B3-42FB-8B31-5F5955EF8DAC}"= TCP:d:\program files\Steam\steamapps\common\trackmania nations forever\TmForever.exe:TrackMania Nations Forever
"{FD42D230-D98B-4BE2-89AB-3510295BE5FB}"= UDP:d:\program files\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe:TrackMania Nations Forever
"{4780E112-D9F5-48DF-80DD-050374B5A48A}"= TCP:d:\program files\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe:TrackMania Nations Forever
"{6F3D7A03-506A-420E-A138-7F6B6E4063E6}"= UDP:d:\program files\Steam\steamapps\common\left 4 dead demo\left4dead.exe:Left 4 Dead Demo
"{569ED080-D7C6-409A-8917-20B1E9B3A8BE}"= TCP:d:\program files\Steam\steamapps\common\left 4 dead demo\left4dead.exe:Left 4 Dead Demo
"{C7CAC8C6-F8F2-4DC7-B953-36DBCFAC8FF0}"= UDP:d:\program files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:Peggle Extreme
"{0B279AB5-4F0D-4F7D-871F-6000AFC9BE08}"= TCP:d:\program files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:Peggle Extreme
"{1993F774-FCD4-46F8-8DBB-9609A63F2A47}"= UDP:d:\program files\Steam\steamapps\common\red orchestra\System\RedOrchestra.exe:Red Orchestra
"{3049ACAA-22C7-4618-9DA7-218AB3F25790}"= TCP:d:\program files\Steam\steamapps\common\red orchestra\System\RedOrchestra.exe:Red Orchestra

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2008-04-23 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2008-04-23 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2008-02-24 51792]
R2 HamachiService;Hamachi Service;c:\program files\Hamachi\hamachi.exe [2008-09-03 625952]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-01-26 206096]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-01 810320]
S2 gupdate1c98c6925f043cf;Google Update Service (gupdate1c98c6925f043cf);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 133104]
S3 ADM8511;USB To Fast Ethernet/ HomePNA Adapter;c:\windows\System32\drivers\NETUSB.SYS [2008-12-13 24395]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ecef362-b07d-11dc-aea6-0019214a56e1}]
\shell\AutoRun\command - K:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f66892a-a27b-11dd-9667-0019214a56e1}]
\shell\AutoRun\command - L:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c502660d-a998-11dc-9f29-806e6f6e6963}]
\shell\AutoRun\command - E:\OblivionLauncher.exe
.
'Ajoitetut tehtävät'-kansion sisältö

2009-02-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-11 18:49]

2009-02-20 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 18:52]

2009-02-18 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe []

2007-12-14 c:\windows\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Täydentävä tarkistus -------
.
uStart Page = hxxp://www.google.fi/
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: V&ie Microsoft Exceliin - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-20 15:40:18
Windows 6.0.6001 Service Pack 1 NTFS

tarkistaa piilotettuja prosesseja ...

tarkistaa piilotettuja käynnistysarvoja ...

tarkistaa piilotettuja tiedostoja ...

tarkistus on valmis
piilotetut tiedostot: 0

**************************************************************************
.
Valmistumisajankohta: 2009-02-20 15:42:54
ComboFix-quarantined-files.txt 2009-02-20 13:42:52
ComboFix2.txt 2009-02-20 12:01:27

Ennen ajoa: 177 004 920 832 tavua vapaana
Ajon jälkeen: 176,977,432,576 tavua vapaana

Current=1 Default=1 Failed=0 LastKnownGood=18 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18
354 --- E O F --- 2009-02-20 11:29:44
Hujo
Suspended permanently
20 February 2009 @ 16:16
Type into the Run box

ComboFix /u

Click OK

==========

How is the computer running?

Can a computer ever work?
Dakann
Suspended due to non-functional email address
20 February 2009 @ 16:44
The browser still stops working. Restarting is also really slow once the browser has stopped working.
Dakann
Suspended due to non-functional email address
20 February 2009 @ 17:00
Firefox does this: even though I close the program, processes are still left running, and then I can't get Firefox to start again later.
Hujo
Suspended permanently
20 February 2009 @ 21:24
Scan your computer with Kaspersky Online Scanner

When the program starts, you are asked whether to allow the installation of an ActiveX component from Kaspersky; click Yes.
- The program starts and begins downloading the latest definition files.
- Once the scanner is installed and the definitions are downloaded, click Next.
- Now click the settings, Scan Settings.
- Check in the settings that the following are selected:
  o Scan using the following Anti-Virus database:
    + Extended (if available, otherwise choose Standard)
  o Scan Options:
    + Scan Archives
    + Scan Mail Bases
- Click OK.
- Now, under the "select a target to scan" heading, choose My Computer.
- The scan takes time, so be patient. When the scan is finished, you will be notified if your computer is infected.
- Now click the Save as Text button.
- Save the file to your desktop.
- If you want to continue handling the matter on the forum, copy the contents of the file into your post.


Can a computer ever work?
Dakann
Suspended due to non-functional email address
24 February 2009 @ 22:08
Okay, I did a bit of research and found out that the problem was caused by Avast. I switched from Avast to Antivir and the problem disappeared. Antivir even found a virus on the computer.

Thanks for the help anyway :)